chaospatterns
@chaospatterns@lemmy.world
- Comment on 3 days ago:
Depends on the watermark method used. Some people talk about watermarking by subtly adjusting the words used. Like if there’s 5 synonyms and you pick the 1st synonym, next word you pick the 3rd synonym. To check the watermark you have to access to the model and probabilities to see if it matches that. The tricky part about this is that the model can change and so can the probabilities and other things I don’t fully understand.
- Comment on Need some help with networking - tailscale, gluetun etc 5 days ago:
How do you expect the packets to actually route? If you run Tailscale and your VPN on your phone, they might fight with each other for control of the routing table.
If you’re trying to use Tailscale exit note to then route through Tailscale to one node running gluetun to Mullvad. That’s going to be complex because against they both want to mess with the routing table.
Tailscale natively supports Mullvad: tailscale.com/mullvad
- Comment on Need some help with networking - tailscale, gluetun etc 5 days ago:
Okay it was a little hard to read since your post was missing formatting. TS_SUBNETS is what controls what CIDRs are announced through Tailscale. Since you’re not using Docker networking for Jellyfin, it would be whatever subnet the host is on. Maybe it’s 192.168.x.y
- Comment on Need some help with networking - tailscale, gluetun etc 5 days ago:
Gluetun doesn’t make any sense here. You’re forcing all the traffic for from Jellyfin to go through Mullvad, but you need to be able to connect to Jellyfin because Jellyfin is a service you connect to.
Since your Tailscale is host network mounted, you’ll be able to expose your Docker network subnets over Tailscale then access Jellyfin.
You probably intend to gluetun your downloading software, not Jellyfin.
- Comment on Google gets to keep Chrome, judge rules in search antitrust case 1 week ago:
Was that anything more than just rumors? Letting a currently monopolistic company keep the browser because another bad billionaire might buy it and do something bad with it just prevents anything from changing.
- Comment on 1U mini PC for AI? 2 weeks ago:
Your options are to run smaller models or wait. llama3.2:3b fits on my 1080 Ti VRAM and is sufficiently fast. Bigger models will get split between VRAM and RAM and run slower but it’ll work.
Not all models are Gen AI style LLMs. I run GPU based speech to text models on my GPU too for my smart home.
- Comment on Google will require developer verification for Android apps outside the Play Store 2 weeks ago:
Who organized this form? Is there something official to make it look like it’s not just signing me up for spam?
- Comment on 👁️🐽👁️ 3 weeks ago:
That’s also why certain contact lenses can’t be worn overnight or for long periods of time because they aren’t as breathable. At least that’s what my eye doctor said when I got them.
- Comment on Help setting up a selfhosted VPN at home 4 weeks ago:
I use a variant of this: github.com/linuxserver/docker-wireguard
You don’t need two different containers for this. They’re going to either fight each other for control over the networking tables or run wireguard in wireguard
- Comment on GitHub - gmag11/Paperless_ngx_uploader: a simple Android app to upload documents to a Paperless-NGX server using the native share intent. 4 weeks ago:
So I had a chance to try this out. It wasn’t on Google Play Store, only F-Droid. There isn’t really SSO support, you either login with User/Password or a token. Instead, I login with my browser, get the token and paste it in. That works fine, but an ideal world is just pop up an browser WebView and go through the flow, then grab the token. Maybe it was intentional, but PaperlessShare registered as an Open handler for PDFs and the share menu, whereas this is only share menu.
Overall, it does the job and gets my docs uploaded.
- Comment on Study: Social media probably can’t be fixed 4 weeks ago:
My prediction is that manually reviewing user creation won’t scale to a high level and unless systems develop spam detection and reputation management similar to email then it’s not going to be limited to just one or two bad instances.
Its trivial to create my own instance with a new domain and there’s no limitations against sending ActivityPub messages to a server. Unfortunately the simplest fix is for big instances to restrict what instances can communicate to it, but that causes centralization.
Plus, we don’t need to be huge. There’s no benefit from it.
The benefit is breadth and depth of communities. Reddit is great because if you are interested, there’s a bunch of people talking about it.
- Comment on Systemd Service Hardening 4 weeks ago:
How hard would it be to contribute these improvements back to the project in the form of either distro package updates or documentation changes? Did you consider that?
- Comment on GitHub - gmag11/Paperless_ngx_uploader: a simple Android app to upload documents to a Paperless-NGX server using the native share intent. 5 weeks ago:
Can you expand on the OIDC/OpenID support? Does it support SSO based authentication to Paperless?
- Comment on Leaving GitHub. Music server alternatives? 5 weeks ago:
I respect your strong ethics and sticking to them, but saying they people support genocide for using software hosted on GitHub is an extreme position.
Do you drive a car or fly a plane? Then you must have no red lines against climate change.
- Comment on Self-hosted blog - do I need a static IP address? 5 weeks ago:
- Comment on Itch.io has begun restoring NSFW content, but only if it’s free 1 month ago:
The problem is the payment processor. There’s only so many of them that customers actually choose to use.
- Comment on Mastercard release a statement about game stores, payment processors and adult content 1 month ago:
buy a stock through a company like Fidelity where is the stock actually held and that was layers of public/private companies/corporations
- Comment on OpenAI’s Sam Altman warns of AI voice fraud crisis in banking 1 month ago:
How about some Yubikeys or smart cards instead of something that requires me to scan my retina and share it with Sam Altman
- Comment on I'm setting up a Windows 11 laptop for my uncle. Is there a sneaky way to make it block right-wing bullshit websites? 1 month ago:
If you alter it to 0.0.0.0 then it shouldn’t pop an SSL error, it would be a connection failed error.
- Comment on Just created my own zero trust network! 1 month ago:
Right. Zero trust means at the very least you need to add AuthN and AuthZ to every endpoint with no exceptions for internal IP addresses.
- Comment on Photo management - storing friends' photos 2 months ago:
Encryption at rest just means the data itself is encrypted when stored on disk and the key is somewhere. It doesn’t dictate that the key is not visible to the server.
Encryption in transit refers to an encrypted channel from client to server.
E2E encryption usually refers to encryption from one entity to another where any intermediary servers do not have the ability to decrypt
Source: too many years doing application security at my job
- Comment on Homemade polarimetric synthetic aperture radar drone 2 months ago:
After I read this, I thought it would be really cool to try to make this myself. But then I realized I’m barely able to get a simple circuit working much less one that involves complex RF signalling.
- Submitted 2 months ago to electronics@discuss.tchncs.de | 2 comments
- Comment on Automatic Transfer Switch PDU in The Homelab - Does it make sense? 2 months ago:
The point seems to be able to handle a UPS failure
- Comment on Senate GOP budget bill has little-noticed provision that could hurt your Wi-Fi 2 months ago:
WiFi is on all three bands. It’s not so much what’s newer vs older. Newer devices tend to support 2.4, 5, and 6 and switch between them based on quality of signal and support by the WiFi network. Higher frequencies like 5 and 6GHz are generally better because there’s less interference.
Cheaper devices tend to only support 2.4GHz
- Comment on Meta is Adding AI-Powered Summaries to WhatsApp 2 months ago:
Fascinating. Just based on your comment and nothing else, sounds like it could be something like a CPU Enclave like Intel SGX. Basically a remote client can validate that an application runs in a secure part of a remote cloud computer. The stated goal of SGX is that you only have to trust Intel and if you trust Intel and say run program X in the enclave, then only that part of the CPU can access the data, not the applications running in the non-secure enclave.
Now that brushes over some things like you still need to trust the client and IIRC in a WhatsApp situation, you don’t really know what enclave does, but the communications between the enclave and the host OS are heavily restricted. LLMs also require lots of CPU and are usually run on GPUs, so not sure how that works yet.
- Submitted 2 months ago to technology@lemmy.world | 0 comments
- Comment on Google Play’s latest security change may break many Android apps for some power users. The Play Integrity API uses hardware-backed signals that are trickier for rooted devices and custom ROMs to pass. 3 months ago:
Google is doing this because they have incentives to do so. They want to block malicious actors like attack their platforms.
Other companies want to lock down their own apps because they don’t think users should be permitted to do anything other than use their apps exactly as they want.
I don’t like it as a user, but I also see the reason why companies want this by being on the security side of software.
- Comment on Google Play’s latest security change may break many Android apps for some power users. The Play Integrity API uses hardware-backed signals that are trickier for rooted devices and custom ROMs to pass. 3 months ago:
This is the future of the Big Tech Internet if we’re not careful. Attestation to be able to use communications and other websites.
- Comment on 3 months ago:
I used to work in Amazon (left after 10 years because it wore me down), but it wasn’t that compartmentalized.
I’m sure there were some teams that were like that but I could easily find another team, open a ticket, get a response and see their on calls investigate the issue. It was often times possible to look at their service metrics and source code to see if I could find the problem myself.
Support just can’t share that info because they don’t know what is considered a trade secret or internal detail vs what is public.